topic Re: Using CheckPoint 730 for the first point firewall in Spark Firewall (SMB)

Using CheckPoint 730 for the first point firewall

bear410hk — Fri, 26 Apr 2019 08:47:29 GMT

Dear All,

I'm new in CheckPoint firewall. I would like to add checkpoint 730 for my web service first point firewall as auditor suggest to use 2 different brands firewall for more security, As I search on google I need to use the bridge mode to pass anything from checkpoint to the second firewall. what should I do, or any step by step introduction I can study?

here is our network (Web Service);

Internet modem > Cisco Giga Switch (8 port, 2 Cable connected to SonicWall) > SonicWall Firewall x 2 (with failover) > VM

For more security, I would like to add 730 before SonicWall Firewall.

would like to change to :

Internet modem > Cisco Giga Switch (8 port, 2 Cable connected to CheckPoint730) > Check Point 730 > SonicWall Firewall x 2 (with failover) > VM

Question:

1. is it the best way of using bridge mode?

2. if I add checkpoint before SonicWall, the internet address(already config in SonicWall) need move to the checkpoint as internet gateway?

3. any way for no touch SonicWall config but can add checkpoint 730 with block function? (because SonicWall is under vendor control.) for example the same rules of Sonicwall, such as allow 80, 443 but block remote port etc...

Thanks for your help.

Bear

Re: Using CheckPoint 730 for the first point firewall

PhoneBoy — Mon, 29 Apr 2019 06:41:04 GMT

If you use Bridge Mode, the 730 is transparent and you don't need to change any addressing.
That said, you don't necessarily need to use Bridge Mode if the Sonicwall is already getting its public IP via DHCP.
Of course, then the Sonicwall won't be reachable from the Internet, which might mean you need to configure rules for the vendor to manage the Sonicwall...which you might need to do in Bridge Mode anyway.

Also, you don't necessarily get better security with two different vendor firewall products inline.

Re: Using CheckPoint 730 for the first point firewall

bear410hk — Mon, 29 Apr 2019 07:25:11 GMT

HI Phoneboy,

Thanks for your reply.

I have some confines about the bridge mode setting. would you mind give me some guild/step of it?

1. As you said I don't need to change any addressing, so I just need to plug 2 cables into LAN port 1 & 2 and bridge both of them(br0) and using other 2 cables connect to LAN 3 & 4 with SonicWall 1 & 2 and also set at bridge mode (br1), am I right?

2. when I trying to set br0 at LAN1 switch checkpoint need me to enter an IP address (default 192.168.200.1), it can't be blank.

Thanks

Bear